Description
ELSA-2013-0623: tomcat6 security update (IMPORTANT)
[0:6.0.24-52]
- Related: rhbz 882010 rhbz 883692 rhbz 883705
- Javadoc generation did not work. Using targetrhel-6.4.Z-noarch-candidate
- to avoid building on ppc64, ppc, and x390x.
[0:6.0.24-50]
- Resolves: rhbz 882010 CVE-2012-3439 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887
- three DIGEST authentication issues
- Resolves: rhbz 883692 CVE-2012-4534 Denial of service when using
- SSL NIO sendfile
- Resolves: rhbz 883705 CVE-2012-3546 Bypass of Realm security constraints
Updated packages
Oracle Linux 6
Oracle Linux x86_64
tomcat6                   6.0.24-52.el6_4
tomcat6-admin-webapps     6.0.24-52.el6_4
tomcat6-docs-webapp       6.0.24-52.el6_4
tomcat6-el-2.1-api        6.0.24-52.el6_4
tomcat6-javadoc           6.0.24-52.el6_4
tomcat6-jsp-2.1-api       6.0.24-52.el6_4
tomcat6-lib               6.0.24-52.el6_4
tomcat6-servlet-2.5-api   6.0.24-52.el6_4
tomcat6-webapps           6.0.24-52.el6_4
Oracle Linux i686
tomcat6                   6.0.24-52.el6_4
tomcat6-admin-webapps     6.0.24-52.el6_4
tomcat6-docs-webapp       6.0.24-52.el6_4
tomcat6-el-2.1-api        6.0.24-52.el6_4
tomcat6-javadoc           6.0.24-52.el6_4
tomcat6-jsp-2.1-api       6.0.24-52.el6_4
tomcat6-lib               6.0.24-52.el6_4
tomcat6-servlet-2.5-api   6.0.24-52.el6_4
tomcat6-webapps           6.0.24-52.el6_4
Source links
Related vulnerabilities
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
The replay-countermeasure functionality in the HTTP Digest Access Auth ...